RedKite

1.0.1

A Microsoft 365 incident response and investigation powershell module with a focus on email phishing attacks.
Redkite is designed to check ExchangeOnline for common indicators of compromised email accounts.
The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CSV file that flags po
A Microsoft 365 incident response and investigation powershell module with a focus on email phishing attacks.
Redkite is designed to check ExchangeOnline for common indicators of compromised email accounts.
The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CSV file that flags possible supicious activity, where further investigation may be required.
Checks include;
Delete or mark messages as read
Move messages to folders silently
Forward emails externally
Recent Mailbox Changes
Show more

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name RedKite -RequiredVersion 1.0.1

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name RedKite -Version 1.0.1

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2025 James Erskine. All rights reserved.

Package Details

FileList

Version History

Version Downloads Last updated
1.0.9 5 6/12/2025
1.0.7 6 6/9/2025
1.0.6 6 6/5/2025
1.0.5 7 6/5/2025
1.0.4 5 6/5/2025
1.0.3 6 6/5/2025
1.0.2 6 6/5/2025
1.0.1 (current version) 6 6/4/2025
1.0.0 8 6/4/2025
Show less